CVE-2022-40799
Published: 29 November 2022
Summary
CVE-2022-40799 is a high-severity Download of Code Without Integrity Check (CWE-494) vulnerability in Dlink Dnr-322L Firmware. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 1.8% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-7 (Software, Firmware, and Information Integrity).
Deeper analysis
CVE-2022-40799 is a data integrity failure (CWE-494) in the Backup Config functionality of the D-Link DNR-322L network video recorder running firmware versions up to and including 2.60B15. The flaw stems from insufficient validation of configuration data, enabling an attacker to supply crafted input that the device processes without integrity checks.
An authenticated attacker with network access can exploit the issue to execute arbitrary operating-system commands on the device. The CVSS 8.8 vector reflects low attack complexity, no user interaction, and full compromise of confidentiality, integrity, and availability once the attacker is logged in.
Public references include a detailed proof-of-concept repository and listing in CISA’s Known Exploited Vulnerabilities catalog, indicating confirmed in-the-wild use. The associated EPSS score has remained steady at 0.57, reflecting sustained exploitation interest since disclosure. No vendor patch or firmware update is referenced in the available advisories; organizations are therefore advised to isolate or replace affected units.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-44065
Vulnerability details
Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device.
- CWE(s)
- KEV Date Added
- 05 August 2025
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires cryptographic or other integrity verification of configuration information before it is processed, blocking the malicious backup archive that triggers OS command execution.
Mandates validation of all input (including uploaded configuration archives) for correctness and safety, preventing acceptance of malformed or malicious backup files.
Enforces access restrictions and review/approval steps for configuration changes, limiting the ability of an authenticated user to load an untrusted backup config.